>
> Well I have these two files attached with my pyjamas application 
> bootstrap.js and bootstrap_progress.js. These are from the same web2py - 
> pyjamas application example that is available online. I happened to try it. 
> I find that although they have code in js, I don't find the database 
> parameters.


What "database parameters"? Are you talking about form fields? If there is 
a form submission, open the browser developer tools, submit the form, and 
you will be able to observe the outgoing request, including all post 
variables sent to the server -- you don't even have to look at the source 
code to know how the app sends form submissions. A hacker could then create 
their own spoofed post requests. Anyway, the details of how to construct 
and submit a form have to be represented somewhere in the HTML and/or JS 
code -- someone who knows Pyjamas will be able to figure it out. Again, you 
can make it more difficult for non-technical users to easily inspect your 
code, but you cannot prevent hackers from seeing what your client-side code 
is doing. Do not rely on client-side code obscurity as your only protection.

Anthony 
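
The point above, seen from the server side, as an added example that is not part of the original message and is not web2py or Pyjamas code: a handler that treats every POST variable as if it came from a hand-built request. The function name, field names and sample requests are hypothetical and constructed for illustration.

```python
import re

# Assumption: authoritative data and the login session live on the server only.
PRICES = {"A100": 25, "B200": 40}
ALLOWED_FIELDS = {"item_id", "quantity"}

def handle_order(session, post_vars):
    """Process POST variables as untrusted input, whatever client produced them."""
    if not session.get("user"):
        return {"ok": False, "errors": ["not logged in"]}
    errors = []
    # Fields the real form never sends (price, user, ...) are rejected, not trusted.
    unexpected = sorted(set(post_vars) - ALLOWED_FIELDS)
    if unexpected:
        errors.append("unexpected fields: " + ", ".join(unexpected))
    # The item must exist in server-side data; the client only names it.
    item = str(post_vars.get("item_id", ""))
    if item not in PRICES:
        errors.append("unknown item")
    # Range check repeated on the server even if the client-side JS already does it.
    qty = str(post_vars.get("quantity", ""))
    if not re.fullmatch(r"[0-9]{1,2}", qty) or not 1 <= int(qty) <= 10:
        errors.append("quantity out of range")
    if errors:
        return {"ok": False, "errors": errors}
    # Identity comes from the session and price from server data, never from the request.
    return {"ok": True, "user": session["user"], "total": PRICES[item] * int(qty)}

# Constructed sample inputs: what the form sends, and a request edited by hand.
SESSION = {"user": "alice"}
LEGIT = {"item_id": "A100", "quantity": "2"}
SPOOFED = {"item_id": "A100", "quantity": "-5", "price": "0", "user": "admin"}

if __name__ == "__main__":
    print(handle_order(SESSION, LEGIT))
    print(handle_order(SESSION, SPOOFED))
```
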
